further reflective value handling improvement

2024-11-25 19:13:48 +03:00 · 2011-02-27 17:43:41 +00:00 · 2011-02-27 17:43:41 +00:00 · 21041f8b90
commit 21041f8b90
parent b47d3e1da3
3 changed files with 9 additions and 5 deletions
--- a/lib/core/common.py
+++ b/lib/core/common.py
@ -82,6 +82,7 @@ from lib.core.settings import DUMP_START_MARKER
 from lib.core.settings import DUMP_STOP_MARKER
 from lib.core.settings import MIN_TIME_RESPONSES
 from lib.core.settings import PAYLOAD_DELIMITER
+from lib.core.settings import REFLECTED_NON_ALPHA_NUM_REGEX
 from lib.core.settings import REFLECTED_VALUE_MARKER
 from lib.core.settings import TIME_DEFAULT_DELAY
 from lib.core.settings import TIME_STDEV_COEFF
@ -2400,12 +2401,12 @@ def removeReflectiveValues(content, payload):
    if all([content, payload]):
        payload = payload.replace(PAYLOAD_DELIMITER, '')

-        regex = filterStringValue(payload, r'[A-Za-z0-9]', r'[^\s]+')
+        regex = filterStringValue(payload, r'[A-Za-z0-9]', REFLECTED_NON_ALPHA_NUM_REGEX)

-        while r'[^\s]+[^\s]+' in regex:
-            regex = regex.replace(r'[^\s]+[^\s]+', r'[^\s]+')
+        while 2 * REFLECTED_NON_ALPHA_NUM_REGEX in regex:
+            regex = regex.replace(2 * REFLECTED_NON_ALPHA_NUM_REGEX, REFLECTED_NON_ALPHA_NUM_REGEX)

-        retVal = re.compile(regex).sub(REFLECTED_VALUE_MARKER, content)
+        retVal = re.sub(regex, REFLECTED_VALUE_MARKER, content)

        if retVal != content:
            debugMsg = "reflective value found and filtered out"
--- a/lib/core/settings.py
+++ b/lib/core/settings.py
@ -268,3 +268,6 @@ EXCLUDE_UNESCAPE = ("WAITFOR DELAY ", " INTO DUMPFILE ", " INTO OUTFILE ", "CREA

 # Mark used for replacement of reflected values
 REFLECTED_VALUE_MARKER = '__REFLECTED_VALUE__'
+
+# Regular expression used for marking non-alphanum characters
+REFLECTED_NON_ALPHA_NUM_REGEX = r'[^<>\r\n]+'
--- a/lib/request/connect.py
+++ b/lib/request/connect.py
@ -490,7 +490,7 @@ class Connect:
        if content or response:
            return page, headers

-        page = removeReflectiveValues(page, value)
+        page = removeReflectiveValues(page, payload)

        if getRatioValue:
            return comparison(page, getRatioValue=False, pageLength=pageLength), comparison(page, getRatioValue=True, pageLength=pageLength)